Man page of getesdfent


Section: C Library Functions (3)


getesdfent, getesdfnam, setprdfent, endprdfent, putesdfnam - Manipulate system default database entry (Enhanced Security)  


Security Library (

NOTE: In order to quickstart a program, the program must be linked as follows:

-lsecurity -ldb -laud -lm

See the shared library discussion in the Programmer's Guide for more information about using the quickstarting feature.  


#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>

struct es_default *getesdfent(void);

struct es_default *getesdfnam(char *name);

void setprdfent(void);

void endprdfent(void);

int putesdfnam(char *name, struct es_default *pr);


name    Specifies a system default database entry name.
pr      Specifies a system default database control entry structure.


The getesdfent() and getesdfnam() functions each return a pointer to an object with the following structure containing the separated-out fields of a line in the system default database. Each line in the database contains an es_default structure, declared in the <prot.h> file as follows:

struct es_default {
        char                     *dd_name; /* copy of sfld->fd_name */
        int                      dg_name;  /* copy of sflg->fg_name */
        size_t                   esprof_flen;
        struct espw_field        *prd;
        struct espw_flag         *prg;
        size_t                   estc_flen;
        struct estc_field        *tcd;
        struct estc_flag         *tcg;
        size_t                   esdev_flen;
        struct esdev_field       *devd;
        struct esdev_flag        *devg;
        size_t                   fieldlen;
        struct es_default_fields *sfld;
        struct es_default_flags  *sflg;
  } ;

struct system_default_fields {
    time_t      fd_inactivity_timeout;
    time_t      fd_pw_expire_warning;
    char        fd_pw_site_callout[MAXPATHLEN];
    mask_t      fd_secclass[AUTH_SECCLASSVEC_SIZE];
                              /* System security class */
    char        fd_boot_authenticate;
    char        fd_audit_enable;

  } ;

struct system_default_flags {
    unsigned int
                fg_inactivity_timeout  : 1,
                fg_pw_expire_warning   : 1,
                fg_pw_site_callout     : 1,
                fg_boot_authenticate   : 1,
                fg_audit_enable        : 1,
                fg_secclass            : 1 ;
  } ;

struct es_default_fields {
    char       *fd_name;
    time_t     fd_inactivity_timeout;
    time_t     fd_pw_expire_warning;
    char       *fd_pw_site_callout;

    mand_ir_t  *fd_single_user_sl;

    mask_t     *fd_secclass;        /* System security class */
    char       fd_boot_authenticate;
    char       fd_audit_enable;

    char       fd_preexpire;        /* admin-set psw should be expired */
    char       fd_skip_ttys_update; /* skip putprtcnam in login path */
    char       fd_auto_migrate_u;   /* auto-create 'missing' profiles */
    time_t     fd_max_vac_future;   /* how far into future can vac. be? */
    time_t     fd_max_vac_len;      /* how long can vac. be (by user)? */ /* if either of the above fields is 0, user-originated 'vacation' * scheduling is disabled. */

    char       fd_accept_vouch;     /* accept 'vouching' in SIA */
  } ;

struct es_default_flags {
    unsigned int
         fg_name                : 1,
         fg_inactivity_timeout  : 1,
         fg_pw_expire_warning   : 1,
         fg_pw_site_callout     : 1,
         fg_single_user_sl      : 1,  /* sens. level for single-user*/
         fg_boot_authenticate   : 1,
         fg_audit_enable        : 1,
         fg_secclass            : 1,
         fg_preexpire           : 1,  /* Is fd_preexpire set? */
         fg_skip_ttys_update    : 1,  /* Have fd_skip_ttys_update? */
         fg_auto_migrate_u      : 1,  /* Have fd_auto_migrate_u? */
         fg_max_vac_future      : 1,  /* Have fd_max_vac_future? */
         fg_max_vac_len         : 1,  /* Have fd_max_vac_len? */
         fg_accept_vouch        : 1;  /* Have fd_accept_vouch? */
  } ;

Currently there is only one entry in the system default database, referenced by the name "default".

The system default database contains default values for all parameters in the protected password, terminal control, and device assignment databases, as well as configurable system-wide parameters. The fields from the other databases are described in the corresponding reference pages.

fd_pw_expire_warning: This field is the time, in seconds, before a password's expiration that the system begins printing expiration warnings when the user logs in.
fd_secclass: Although not used in the software, this field is an indicator of the system's TCSEC (Orange Book) class of trust.
fd_boot_authenticate: This field is a Boolean flag that indicates whether an authorized user must authenticate before the system begins operation. This field is reserved for future use.
fd_audit_enable: This field and the fd_audit_flag are always 0 (zero).
fd_name: Name of the entry.
Reserved for future use.
fd_pw_site_callout: Pathname for the password policy callout script (or program, if replaced by the site). It is currently shipped as "/tcb/bin/pwpolicy".
fd_preexpire: Flag determining whether passwords set by system administrators should be pre-expired. Honored by the dxchpwd program (and thus by dxaccounts), as well as by the auto-migration code in the login sequence (see fd_auto_migrate_u).
fd_skip_ttys_update: Flag which, if set, disables break-in evasion for terminals by skipping the update of the ttys database during logins.
fd_auto_migrate_u: Flag determining whether user accounts which have valid accounts according to getpwnam() but which have no entry visible to getespwnam() should have an extended profile created automatically during login processing.
fd_max_vac_future: Time interval (in seconds) specifying the maximum time from the current time at which a user-initiated vacation can start. (Administratively-set vacations are not subject to this limit.) If 0, no user-initiated vacationing is possible.
fd_max_vac_len: Maximum time interval (in seconds) which can be set as the duration of a user-initiated vacation request. (Administratively-set vacations are not subject to this limit.) If 0, no user-initiated vacationing is possible.
fd_accept_vouch: Flag determining whether the enhanced security login sequence accepts password validation from another SIA mechanism, such as DCE.

The getesdfent() function returns a pointer to the first es_default structure in the database when first called. Thereafter, it returns a pointer to the next es_default structure in the database, so successive calls can be used to search the database (not currently supported). The getesdfnam() function searches from the beginning of the file until a default entry matching name is found, and returns a pointer to the particular structure in which it was found. If an end-of-file or an error is encountered on reading, these functions return a null pointer. Currently, all programs access the default database by calling getesdfnam() (the default).

A call to the setprdfent() function has the effect of rewinding the default control file to allow repeated searches. The endprdfent() function can be called to close the database when processing is complete.

The putesdfnam() function puts a new or replaced default control entry pr with key name into the database. If the sflg->fg_name field contains a value of 0 (zero), the requested entry is deleted from the system default database. The putesdfnam() function locks the database for all update operations, and performs an endprdfent() after the update or failed attempt.  


Structures returned by the database routines contain pointers to character strings and lists rather than being self-contained. The copy functions must be used rather than doing a structure assignment to save a returned structure.

Do not delete the system default entry. This renders the system unusable.  
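The following added example (not part of the original reference page or the vendor's library) reviews an entry's security-relevant defaults and wraps the write so that an entry whose fg_name flag is 0, which putesdfnam() treats as a delete request, is never passed on. The structures are trimmed stand-ins for the <prot.h> declarations; review_defaults(), guarded_put(), demo_put() and the F_ finding bits are hypothetical names, and the choice of which settings to flag is an assumed site policy.

```c
/* Trimmed stand-ins for the <prot.h> declarations (assumption: only the
 * members used here); on a real system include <prot.h> instead. */
struct es_default_fields {
    char *fd_name;
    char  fd_preexpire, fd_skip_ttys_update, fd_auto_migrate_u, fd_accept_vouch;
};
struct es_default_flags {
    unsigned int fg_name : 1, fg_preexpire : 1, fg_skip_ttys_update : 1,
                 fg_auto_migrate_u : 1, fg_accept_vouch : 1;
};
struct es_default { struct es_default_fields *sfld; struct es_default_flags *sflg; };

/* Hypothetical finding bits returned by review_defaults(). */
enum {
    F_WOULD_DELETE = 1,  /* fg_name == 0: putesdfnam() would delete the entry */
    F_NO_EVASION   = 2,  /* fd_skip_ttys_update disables break-in evasion */
    F_VOUCH        = 4,  /* another SIA mechanism may validate passwords */
    F_AUTO_MIGRATE = 8,  /* extended profiles are auto-created at login */
    F_NO_PREEXPIRE = 16  /* admin-set passwords are not pre-expired */
};

/* A field value counts only when its fg_ flag marks it as present. */
#define ON(df, f) ((df)->sflg->fg_##f && (df)->sfld->fd_##f)

int review_defaults(const struct es_default *df)
{
    int r = 0;
    if (!df || !df->sfld || !df->sflg) return F_WOULD_DELETE;
    if (!df->sflg->fg_name)       r |= F_WOULD_DELETE;
    if (ON(df, skip_ttys_update)) r |= F_NO_EVASION;
    if (ON(df, accept_vouch))     r |= F_VOUCH;
    if (ON(df, auto_migrate_u))   r |= F_AUTO_MIGRATE;
    if (!ON(df, preexpire))       r |= F_NO_PREEXPIRE;
    return r;
}

/* Constructed stand-in for putesdfnam() so the example runs anywhere. */
int demo_put_calls;
int demo_put(char *n, struct es_default *p) { (void)n; (void)p; return ++demo_put_calls; }

/* Guarded write: `put` has putesdfnam()'s signature. Returns 0 without
 * calling it when the entry would delete the database record. */
int guarded_put(char *name, struct es_default *pr,
                int (*put)(char *, struct es_default *))
{
    if (!name || (review_defaults(pr) & F_WOULD_DELETE)) return 0;
    return put(name, pr);
}
```

On a system with the Enhanced Security library, pass putesdfnam itself as the put argument.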


The getesdfent() and getesdfnam() functions return null pointers on EOF or an error. The putesdfnam() function returns a value of 0 (zero) if it cannot add or update the entry.  


System defaults database.  


Functions: getespwent(3), getestcent(3), getesdvent(3)

Files: authcap(4), default(4)





This document was created by man2html, using the manual pages.
Time: 02:42:03 GMT, October 02, 2010